Platform: Code4rena
Start Date: 23/06/2023
Pot Size: $60,500 USDC
Total HM: 31
Participants: 132
Period: 10 days
Judge: 0xean
Total Solo HM: 10
Id: 254
League: ETH
Rank: 99/132
Findings: 1
Award: $29.06
🌟 Selected for report: 0
🚀 Solo Findings: 0
29.0567 USDC - $29.06
https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/miner/esLBRBoost.sol#L38-L45 https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/miner/ProtocolRewardsPool.sol#L73-L98
ProtocolRewardsPool.stake() does not take into account LockStatus for msg.sender in any way. esLBRBoost.setLockStatus() can be called at any time (including before calling ProtocolRewardsPool.stake()). When calling ProtocolRewardsPool.unstake(), only the time when esLBRBoost.setLockStatus() was called is taken into account. The user can call setLockStatus() ahead of time to quickly call ProtocolRewardsPool.unstake() later.d
proofs above
Manual review
write the number of tokens to setLockStatus.userLockStatus
Context
#0 - c4-pre-sort
2023-07-10T20:58:51Z
JeffCX marked the issue as duplicate of #884
#1 - c4-pre-sort
2023-07-11T21:32:33Z
JeffCX marked the issue as duplicate of #838
#2 - c4-judge
2023-07-28T13:06:49Z
0xean marked the issue as duplicate of #773
#3 - c4-judge
2023-07-28T13:08:19Z
0xean changed the severity to 2 (Med Risk)
#4 - c4-judge
2023-07-28T15:38:24Z
0xean marked the issue as satisfactory